|
2 | 2 | title: "Variables & Secrets" |
3 | 3 | --- |
4 | 4 |
|
5 | | -Digger supports per-project Variables that are made available as environment variables to terraform / opentofu at runtime. |
| 5 | +Digger supports per-project Variables that are made available as environment variables to Terraform / OpenTofu at runtime. |
6 | 6 | Variables are stored on the backend and passed to the job via the Job Spec. |
7 | 7 |
|
8 | | -You can manage variables in the TFVars tab of every project. |
| 8 | +You can manage variables in the `TFVars` tab of every project. |
9 | 9 |
|
10 | 10 | There are 2 types of variables: Plain Text and Secret. |
11 | 11 |
|
12 | 12 | # Plain Text variables |
13 | 13 |
|
14 | | -They are stored on the backend as-is and are not secured in any special way beyond standard transport and at-rest encryption in the infrastructure. Plain Text variable should only be used for non-sensitive data, like configuration parameters that differ across environments. |
| 14 | +They are stored on the backend as-is and are not secured in any special way beyond standard transport and at-rest encryption in the infrastructure. Plain Text variables should only be used for non-sensitive data, like configuration parameters that differ across environments. |
15 | 15 |
|
16 | 16 | # Secret variables |
17 | 17 |
|
18 | 18 | These variables are stored in the database encrypted with your organisation's Secret Key. It's an RSA public key that you can create in Organisation Settings. You will not be able to create Secret Variables until you have created your Secret Key as follows: |
19 | 19 |
|
20 | | -1. Go to your Organisation Settings and click Create Secrets Key |
| 20 | +1. Go to your Organisation Settings and click Create Secret Key |
21 | 21 | 2. Copy the private key and save it in your GitHub Actions as an org-level secret named `DIGGER_PRIVATE_KEY` |
22 | 22 |
|
23 | 23 | <Note> |
24 | 24 | The key pair is generated in the front-end, and only shown once. At no point |
25 | | - the private key is saved or accessed by Digger services. If you lose your |
26 | | - private key, you will also lose ability to decrypt your secrets created using |
| 25 | + is the private key saved or accessed by Digger services. If you lose your |
| 26 | + private key, you will also lose the ability to decrypt your secrets created using |
27 | 27 | that key - so you will need to re-create all your secrets in all projects. |
28 | 28 | </Note> |
29 | 29 |
|
|
0 commit comments